(self)
| 707 | output().hline() |
| 708 | |
| 709 | def fuzz_blind(self): |
| 710 | output().raw("Blindly trying to read files.") |
| 711 | # get a bottle of beer, fuzzing will take some time |
| 712 | output().fuzzed("PATH", "", ("", "GET", "EXISTS")) |
| 713 | output().hline() |
| 714 | # try blind file access strategies (relative path) |
| 715 | for path in fuzzer().rel: |
| 716 | self.verify_blind(path, "") |
| 717 | output().hline() |
| 718 | # try blind file access strategies (absolute path) |
| 719 | for vol in self.vol_exists() + fuzzer().blind: |
| 720 | sep = "" if vol[-1:] in ["", "/", "\\"] else "/" |
| 721 | sep2 = vol[-1:] if vol[-1:] in ["/", "\\"] else "/" |
| 722 | # filenames to look for |
| 723 | for file in fuzzer().abs: |
| 724 | # set current delimiter |
| 725 | if isinstance(file, list): |
| 726 | file = sep2.join(file) |
| 727 | path = vol + sep |
| 728 | self.verify_blind(path, file) |
| 729 | # vol name out of range error |
| 730 | if self.error == "30054": |
| 731 | output().raw("Volume nonexistent, skipping.") |
| 732 | break |
| 733 | # no directory traversal |
| 734 | for dir in fuzzer().dir: |
| 735 | # n'th level traversal |
| 736 | for n in range(1, 3): |
| 737 | path = vol + sep + n * (dir + sep2) |
| 738 | self.verify_blind(path, file) |
| 739 | |
| 740 | # check for path traversal |
| 741 | def verify_path(self, path, found={}): |
no test coverage detected